package com.itogis.interceptors;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import com.itogis.rest.po.SysUserInfo;
import com.wabacus.system.ReportRequest;
import com.wabacus.system.intercept.AbsPageInterceptor;

/**
 * 过滤功能权限（页面的按钮等其他功能）
 * @author Administrator
 *
 */
public class GlobalInterceptor extends AbsPageInterceptor {
	public void doStart(ReportRequest rrequest) {
		String pageid = rrequest.getPagebean().getId();// 取到当前拦截的页面id
		SysUserInfo sysUserInfo = (SysUserInfo) rrequest.getRequest().getSession().getAttribute("userInfoBean");
		String sql = "select r.*,case r.permissiontype when  'display' then 'true' when 'disabled' then 'false'  end as permissionvalue "
				+ "from sys_rightinfo r " + "where rightid in "
				+ "(select rightid " + "from sys_roleright_r "
				+ "where roleid in "
				+ "(select roleid from sys_roleuser_r where userid = '"
				+ sysUserInfo.getUserId() + "')) and pageid='" + pageid
				+ "' union " +

				"select r.*, case r.permissiontype when  'display' then 'false' when 'disabled' then 'true' end as permissionvalue "
				+ "from sys_rightinfo r " + "where rightid not in "
				+ "(select rightid " + "from sys_roleright_r "
				+ "where roleid in "
				+ "(select roleid from sys_roleuser_r where userid = '"
				+ sysUserInfo.getUserId() + "')) and pageid='" + pageid + "'";

		Connection conn = rrequest.getConnection();
		Statement stmt = null;
		try {
			stmt = conn.createStatement();
			ResultSet rs = stmt.executeQuery(sql);
			while (rs.next()) {// 对取到的每个权限定义进行授权
				if (rs.getString("reportid") != null
						&& !rs.getString("reportid").trim().equals("")) {
					rrequest.authorize(rs.getString("reportid"),
							rs.getString("parttype"), rs.getString("partid"),
							rs.getString("permissiontype"),
							rs.getString("permissionvalue"));
				}
			}
			rs.close();
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			try {
				stmt.close();
			} catch (SQLException e) {
				e.printStackTrace();
			}
		}
	}
	
	public void doEnd(ReportRequest rrequest) {
	}
}